CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3155
https://notcve.org/view.php?id=CVE-2012-3155
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. Vulnerabilidad no especificada en el componente CORBA ORB de Sun GlassFish Enterprise Server v2.1.1, Sun GlassFish Enterprise Server v3.0.1 y v3.1.2 y Sun Java Application Server System v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad, en relación con CORBA ORB. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/56073 http://www.securitytracker.com/id?1027676 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3564
https://notcve.org/view.php?id=CVE-2011-3564
Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle GlassFish Enterprise Server v2.1.1 permite a usuarios locales afectar a la confidencialidad de la información a través de vectores desconocidos relacionados con la Administración. • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 1CVE-2011-5035 – MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Oracle Glassfish 2.1.1, 3.0.1 y 3.1.1, tal como se utiliza en Communications Server 2.0, Sun Java System Application Server 8.1 y 8.2 y posiblemente otros productos, computa valores hash para parámetros de forma sin restringir la habilidad para desencadenar colisiones hash de manera predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de muchos parámetros manipulados, también conocido como Oracle security ticket S0104869. • https://www.exploit-db.com/exploits/2012 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://marc.info/? • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2011-3559
https://notcve.org/view.php?id=CVE-2011-3559
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container. Vulnerabilidad no especificada en Oracle Communications Server v2.0, GlassFish Enterprise Server v2.1.1, v3.0.1, y v3.1.1, y Sun Java System App Server v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Web Container. • http://osvdb.org/76476 http://secunia.com/advisories/46523 http://secunia.com/advisories/46524 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50204 http://www.securitytracker.com/id?1026222 https://exchange.xforce.ibmcloud.com/vulnerabilities/70816 •
CVSS: 10.0EPSS: 95%CPEs: 4EXPL: 1CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle Sun GlassFish Enterprise Server v2.1, v2.1.1 y v3.0.1, y Sun Java System Application Server v9.1, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la Administración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception allowing the request to proceed without authentication. • https://www.exploit-db.com/exploits/17615 http://securityreason.com/securityalert/8327 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - •